PATENT APPLICATION



Douglas N. Knisely 
Robert Jerrold Marks 
Semyon B. Mizikovsky 



CASE 7-4-28 






IN THE UNITED STATES 
PATENT AND TRADEMARK OFFICE 






TITLE: Method For Distributing Encryption Keys For An Overlay Data Network



ASSISTANT COMMISSIONER FOR PATENTS 
WASHINGTON, D.C. 20231



SIR: 



NEW APPLICATION UNDER 37 CFR § 1.53(b) 



Enclosed are the following papers relating to the above-named application for patent: 

Specification
3 Informal Sheets of drawings


CLAIMS AS FILED

                                NO. FILED    NO. EXTRA    RATE        CALCULATIONS
Total Claims                    28 - 20 =    8            x $18 =     $144
Independent Claims              5 - 3 =      2            x $78 =     $156
Multiple Dependent Claims,
if applicable                                             + $260 =    $0
Basic Fee                                                             $690
TOTAL FEE                                                             $990



Please file the application and charge Lucent Technologies Deposit Account No. 12-2325 the amount 
of $990, to cover the filing fee. Duplicate copies of this letter are enclosed. In the event of non-payment 
or improper payment of a required fee, the Commissioner is authorized to charge or to credit Deposit 
Account No. 12-2325 as required to correct the error. 

The Assistant Commissioner for Patents is hereby authorized to treat any concurrent or future reply, 
requiring a petition for extension of time under 37 CFR § 1.136 for its timely submission, as incorporating 
a petition for extension of time for the appropriate length of time if not submitted with the reply. 



Please address all correspondence to Docket Administrator (Room 30-512), Lucent Technologies 
Inc., 600 Mountain Avenue, P.O. Box 636, Murray Hill, New Jersey 07974-0636. However, telephone 
calls should be made to me at 973-386-2992.



Date: September 15, 2000 



Respectfully, 




Christopher Malvone 
Reg. No. 34866 
Attorney for Applicants 






Kniseley-Marks-Mizikovsky 7-4-28 



METHOD FOR DISTRIBUTING ENCRYPTION KEYS 
FOR AN OVERLAY DATA NETWORK 

Background of the Invention 

Field of the Invention 

The present invention relates to communications; more specifically, the security of the 
authentication process used in communication systems. 

Description of the Related Art 

FIG. 1 illustrates a base station 10, its associated cell 12 and mobile 14 within cell 12.
When mobile station 14 first registers or attempts communications with base station 10, base 
station 10 authenticates or verifies the mobile's identity before allowing the mobile access to the 
communication network. The authentication of mobile 14 involves communicating with 
authentication center 16. Authentication center 16 then accesses a home location register 22 
which is associated with mobile 14. Home location register 22 may be associated with the 
terminal or mobile by an identifier such as the mobile's telephone number. The information 
contained in the home location register is used to generate encryption keys and other information. 
This information is used to supply base station 10 with information that is transmitted to mobile 
14 so that mobile 14 can respond and thereby be authenticated as a mobile that is entitled to 
receive communication services. 

FIGS. 2a and 2b illustrate the authentication process used for an IS-41 compliant
network. IS-41 compliant networks are networks that use, for example, AMPS, TDMA or
CDMA protocols. In this system, both the mobile and home location register contain a secret
value called AKEY. Before the actual authentication process can start, a key update is performed
by providing the mobile with keys that will be used with encryption functions for authentication
and communication. The AKEY value stored in the home location register associated with the
mobile is used to produce the keys. The key values calculated are the SSDA (Shared Secret
Data A) and SSDB (Shared Secret Data B) values. These values are calculated by performing the
CAVE algorithm or function using a random number Rs as an input and the value AKEY as the
key input. The CAVE algorithm is well known in the art and is specified in the IS-41 standard.
The network then updates the key values SSDA and SSDB that will be used by the mobile by
transmitting Rs to the mobile. The mobile then calculates SSDA and SSDB in the same fashion
as calculated by the authentication center. Now that the mobile and home location register both
contain the SSDA and SSDB values, the authentication process may take place.

FIG. 2b illustrates how a mobile is authenticated to a network after both the mobile and
home location register have received the keys SSDA and SSDB. The authentication center
challenges the mobile by sending a random number Rn to the mobile. At this point both the
mobile and authentication center calculate the value AUTHR, where AUTHR is equal to the
output of the CAVE algorithm using the random number Rn as an input and the SSDA value as
the key input. The mobile then transmits the calculated value AUTHR to the authentication
center. The authentication center compares its calculated value of AUTHR and the value
received from the mobile. If the values match, the mobile is authenticated and it is given access
to the network. In addition, both the mobile and the authentication center calculate the value of
cipher key Kc, where the value Kc is equal to the output of the CAVE algorithm using the value
Rn as an input and the value SSDB as the key input. At this point, communications between the
mobile and network are permitted and may be encrypted using a cryptographic function where the
inputs are the message to be encrypted and the key value is Kc.
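The key update of FIG. 2a and the challenge-response of FIG. 2b, as an added runnable model that is not part of the original application. CAVE itself is specified in IS-41 and not reproduced on this page, so the model stands in HMAC-SHA256 as a keyed pseudorandom function; the 16-byte SSDA/SSDB split, the 8-byte AUTHR, the 16-byte Kc and the message labels are the example's own assumptions. Both sides are modelled so that the exchange can be run end to end, including a cloned mobile that knows the identity but not AKEY.

```python
import hashlib
import hmac
import os


def cave(key: bytes, data: bytes) -> bytes:
    """Stand-in for the IS-41 CAVE function (assumption): a keyed PRF,
    HMAC-SHA256(key, data).  CAVE itself is not reproduced on this page."""
    return hmac.new(key, data, hashlib.sha256).digest()


def ssd_update(akey: bytes, rs: bytes):
    """FIG. 2a: derive SSDA and SSDB from AKEY and the random Rs.  Splitting one
    PRF output into two 16-byte halves is this model's choice, not IS-41's."""
    out = cave(akey, b"SSD|" + rs)
    return out[:16], out[16:]


def authr(ssda: bytes, rn: bytes) -> bytes:
    """FIG. 2b: authentication response, CAVE keyed with SSDA over Rn."""
    return cave(ssda, b"AUTHR|" + rn)[:8]


def cipher_key(ssdb: bytes, rn: bytes) -> bytes:
    """FIG. 2b: session cipher key Kc, CAVE keyed with SSDB over Rn."""
    return cave(ssdb, b"KC|" + rn)[:16]


class AuthenticationCenter:
    """Network side: authentication center with its home location register."""

    def __init__(self, akeys):
        self._akeys = dict(akeys)   # mobile id -> AKEY, as held by the HLR
        self._ssd = {}              # mobile id -> (SSDA, SSDB) after key update

    def start_key_update(self, mobile_id: str) -> bytes:
        rs = os.urandom(16)         # Rs goes to the mobile in the clear
        self._ssd[mobile_id] = ssd_update(self._akeys[mobile_id], rs)
        return rs

    def challenge(self) -> bytes:
        return os.urandom(16)       # Rn, also sent in the clear

    def verify(self, mobile_id: str, rn: bytes, response: bytes):
        """Return Kc if the response matches, else None.  Constant-time
        comparison, so a wrong response leaks nothing about AUTHR."""
        ssda, ssdb = self._ssd[mobile_id]
        if not hmac.compare_digest(authr(ssda, rn), response):
            return None
        return cipher_key(ssdb, rn)


class Mobile:
    def __init__(self, mobile_id: str, akey: bytes):
        self.mobile_id = mobile_id
        self._akey = akey
        self.kc = None

    def receive_key_update(self, rs: bytes) -> None:
        self._ssda, self._ssdb = ssd_update(self._akey, rs)

    def respond(self, rn: bytes) -> bytes:
        self.kc = cipher_key(self._ssdb, rn)     # mobile's copy of Kc
        return authr(self._ssda, rn)


def run_is41_authentication(ac: AuthenticationCenter, mobile: Mobile):
    """Whole exchange of FIGS. 2a and 2b.  Returns (authenticated, Kc as held
    by the network); the mobile's own Kc is left in mobile.kc."""
    rs = ac.start_key_update(mobile.mobile_id)
    mobile.receive_key_update(rs)
    rn = ac.challenge()
    response = mobile.respond(rn)
    kc = ac.verify(mobile.mobile_id, rn, response)
    return kc is not None, kc


if __name__ == "__main__":
    akey = os.urandom(16)                         # constructed sample AKEY
    ac = AuthenticationCenter({"5551234": akey})
    good = Mobile("5551234", akey)
    ok, kc = run_is41_authentication(ac, good)
    print("genuine mobile authenticated:", ok, "keys agree:", kc == good.kc)
    clone = Mobile("5551234", os.urandom(16))     # same identity, wrong AKEY
    print("cloned mobile authenticated:", run_is41_authentication(ac, clone)[0])
```

Rs and Rn travel in the clear, so the whole scheme rests on AKEY never leaving the HLR and the mobile, and on CAVE behaving as a pseudorandom function. Kc is derived on both sides from SSDB and Rn, so it is fresh per challenge and is never itself transmitted; the network-side check uses `hmac.compare_digest` so that a wrong AUTHR is rejected without a timing side channel.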

As illustrated above, many of today's wireless voice networks such as CDMA, TDMA,
GSM and AMPS networks provide for securely communicating encryption or cipher keys
between a network and a mobile terminal. Unfortunately, this capability is not available in other
networks.

Summary of the Invention 

The present invention uses a first communication network to securely communicate a key 
that is used for communications over a different network. In one embodiment, a CDMA network 
is used to securely communicate a key that is used for communications in a data network. The 
key used in the data network may be used for authentication and/or enciphering or encryption. 

Brief Description of the Drawings 

FIG. 1 illustrates communications between a mobile and authentication center; 
FIGS. 2a and 2b illustrate the key update and authentication process for an IS-41 
compliant network; 

FIG. 3 illustrates a first network that securely provides a key for use in a second or 
overlay network; and 
FIG. 4 illustrates the process for providing a key for communications in an overlay
network using secure communications over another network.

Detailed Description of the Invention 

FIG. 3 illustrates CDMA network 50 and HDR (Higher Data Rate) network 60. CDMA
network 50 is a network that provides secure communications and user authentication. Network
50 may be a network other than a CDMA network such as a TDMA network, GSM network,
AMPS network or another type of wireless voice network. Mobile station 62 communicates with
network 50 via base station 64. Initially, mobile station 62 is authenticated by network 50 as
described earlier through communications between base station 64 and authentication center 66
which includes home location register 68. It is also possible for base station 64 to communicate
with authentication center 66 via mobile switching center 70. If communication network 50 is
not mobile station 62's home network, the authentication process is carried out through
authentication center 72 and visiting location register 74 which communicate with authentication
center 76 and home location register 78 in the mobile's home network. After mobile station 62
has been authenticated by network 50, communications are carried out through base station 64 and
mobile switching center 70 to either public switched telephone network 80 or short message
service message center (SMS MC) 90.

In some instances, mobile station 62 may be in communication with or may include
application terminal 100 when carrying out data communications. For example, application
terminal 100 may be a portable computer in communication with mobile station 62, or it may be a
communication application being run by mobile station 62. Data communications are typically
carried out by application terminal 100 through mobile station 62 via data network 60. Data
network 60 may be a data network such as an HDR radio access network (H-RAN). Network 60
may include elements such as base station 110 and switching center 112. Switching center 112
allows base station 110 to communicate with internet protocol (IP) network 114 and packet data
service network (PDSN) 116. When involved in data communications, application terminal 100
communicates with the destination application terminal or server 118 via mobile station 62, base
station 110, switching center 112 and PDSN 116.

Network 50 performs an authentication of mobile station 62 and provides a ciphering key
Kc to mobile station 62. Once mobile station 62 and network 50 have agreed on a cipher key
Kc, secure communications may be carried out between network 50 and mobile station 62. The
session key that will be used for authentication, and/or enciphering or encryption of
communications between application terminal 100 and network 60 is provided to application
terminal 100 via a secure communication between network 50 and mobile station 62.

FIG. 4 illustrates the process by which the session key that will be used for communications 
between application terminal 100 and network 60 is communicated to application terminal 100 
using network 50. Each step in this process is outlined below in reference to FIG. 4. 

a) The Application Terminal (AT) requests the PPP (Point to Point Protocol) connection by
sending the PPPREQ (PPP Request) message to the Mobile Station (MS).

b) The MS is a combination IS-2000 and HDR terminal. The MS sends the IS-2000
registration to the IS-2000 RAN (Radio Access Network) (MSC/BSC/VLR).

c) The VLR conducts the registration and authentication procedure with the HLR.

d) The registration and authentication procedure is complete. The session Ciphering Key
(Kc) is available at the VLR/MSC/BSC.

e) The registration session is completed and the Kc is available at the MS.

f) The MS sends the PPPREQ to the HDR RAN. The message is identified by the MS
IMSI (a mobile station or user identifier).

g) The HDR RAN selects the random HDR Session Key, HDR_SSD.

h) The HDR RAN generates the IS-41 SMS Delivery Point-to-Point (SMDPP) message
addressed to the MS. The message is identified as the HDR_Teleservice_Message. The
message contains the HDRSSDUPD (HDR SSD Update Request) and a parameter set to
the value of HDR_SSD. The message is sent to the IS-41 SMS MC with instruction for
secure delivery. The IS-41 SMS MC forwards the SMS message to the IS-41
VLR/MSC/BSC.

i) The IS-41 VLR/MSC/BSC encrypts the message using the Kc and sends it to the MS
over the IS-2000 air interface as an encrypted SMS message.

j) The MS decrypts the received SMS message and forwards the contents (the HDRSSDUPD
Request with the HDR_SSD parameter) to the AT with the MS IMSI included.

k) The AT calculates the digital signature (MAC) of the IMSI using the HDR_SSD as the
key, and sends the signature to the MS as the response.

l) The MS assembles the response SMS message for the HDR RAN and sends it to the
IS-41 MC. The message contains the Digital Signature of the MS IMSI calculated in step
(k).

m) The IS-41 MC sends the SMDPP response to the HDR RAN containing the Digital
Signature of the IMSI.

n) The HDR RAN validates the Digital Signature of the IMSI.

o) The HDR RAN sends the PPPREQ (PPP Request) to the PDSN for the specific IMSI.
Optionally, it may include the HDR_SSD to be used for the session encryption at the PPP
level.

p) The PDSN establishes the PPP and responds to the HDR RAN.

q) The HDR RAN responds to the MS with the PPPREQ response.

r) The MS forwards the PPPREQ response to the AT.

s) The PPP session is established between the AT and PDSN and may be encrypted using
the HDR_SSD.
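Steps f) to n) above as a runnable model of the key distribution, added here and not part of the original application. The page names neither the cipher used on the IS-2000 air interface in step i) nor the wire format of the HDRSSDUPD request, so the example stands in an HMAC-based encrypt-then-MAC construction for the Kc encryption and a plain text encoding for the request; the IS-41 SMS MC and the PDSN are folded into the calls between the elements on either side of them, and the Kc is a constructed value standing for the key agreed in steps c) to e). Class names, the IMSI and the 16-byte key and tag lengths are the example's own.

```python
import hashlib
import hmac
import os

HDR_TELESERVICE = "HDR_Teleservice_Message"
TAG_LEN, NONCE_LEN = 16, 12

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(kc: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(prf(kc, b"enc|" + nonce + i.to_bytes(4, "big")) for i in range(blocks))[:length]

def encrypt_sms(kc: bytes, plaintext: bytes) -> bytes:
    """Step i: encryption under Kc.  Stand-in (assumption): HMAC keystream XOR,
    then an HMAC tag (encrypt-then-MAC) so tampering is caught before decryption."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(kc, nonce, len(plaintext))))
    return nonce + ct + prf(kc, b"mac|" + nonce + ct)[:TAG_LEN]

def decrypt_sms(kc: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(prf(kc, b"mac|" + nonce + ct)[:TAG_LEN], tag):
        raise ValueError("SMS integrity check failed: wrong Kc or tampered message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(kc, nonce, len(ct))))

def encode_hdrssdupd(hdr_ssd: bytes) -> bytes:
    """HDRSSDUPD request carrying the HDR_SSD parameter (encoding is the example's own)."""
    return b"HDRSSDUPD:" + hdr_ssd.hex().encode()

def decode_hdrssdupd(body: bytes) -> bytes:
    if not body.startswith(b"HDRSSDUPD:"):
        raise ValueError("not an HDRSSDUPD request")
    return bytes.fromhex(body[len(b"HDRSSDUPD:"):].decode())

def imsi_signature(hdr_ssd: bytes, imsi: str) -> bytes:
    """Step k: the 'digital signature (MAC)' of the IMSI keyed with HDR_SSD."""
    return prf(hdr_ssd, b"IMSI|" + imsi.encode())[:TAG_LEN]

class HdrRan:
    def __init__(self):
        self.sessions = {}                          # IMSI -> HDR_SSD

    def on_pppreq(self, imsi: str) -> dict:
        """Steps g, h: fresh random HDR_SSD, wrapped in an SMDPP addressed to the MS."""
        self.sessions[imsi] = os.urandom(16)
        return {"teleservice": HDR_TELESERVICE, "to": imsi, "secure_delivery": True,
                "body": encode_hdrssdupd(self.sessions[imsi])}

    def validate(self, imsi: str, signature: bytes) -> bool:
        """Step n: key confirmation that the AT holds this session's HDR_SSD."""
        return hmac.compare_digest(imsi_signature(self.sessions[imsi], imsi), signature)

class Is41Vlr:
    """VLR/MSC/BSC after step d: holds Kc for each registered MS."""
    def __init__(self, kc_by_imsi):
        self._kc = dict(kc_by_imsi)

    def deliver(self, smdpp: dict) -> bytes:
        """Step i (message arrives via the SMS MC): encrypt under the MS's Kc."""
        if not smdpp.get("secure_delivery"):
            raise ValueError("refusing to send a key without secure delivery")
        return encrypt_sms(self._kc[smdpp["to"]], smdpp["body"])

class MobileStation:
    def __init__(self, imsi: str, kc: bytes):
        self.imsi, self._kc = imsi, kc

    def on_sms(self, blob: bytes):
        """Step j: decrypt, then pass the request and the MS IMSI to the AT."""
        return self.imsi, decode_hdrssdupd(decrypt_sms(self._kc, blob))

class ApplicationTerminal:
    def __init__(self):
        self.hdr_ssd = None

    def on_hdrssdupd(self, imsi: str, hdr_ssd: bytes) -> bytes:
        """Step k: keep HDR_SSD for the PPP session, answer with MAC(IMSI)."""
        self.hdr_ssd = hdr_ssd
        return imsi_signature(hdr_ssd, imsi)

def distribute_overlay_key(ran: HdrRan, vlr: Is41Vlr, ms: MobileStation, at: ApplicationTerminal) -> bool:
    """Steps f to n end to end; True when the HDR RAN accepts the AT's response."""
    smdpp = ran.on_pppreq(ms.imsi)                  # f, g, h
    blob = vlr.deliver(smdpp)                       # i, via the IS-41 SMS MC
    imsi, hdr_ssd = ms.on_sms(blob)                 # j
    signature = at.on_hdrssdupd(imsi, hdr_ssd)      # k, l, m (response SMS via MC)
    return ran.validate(imsi, signature)            # n

if __name__ == "__main__":
    kc = os.urandom(16)                             # constructed: Kc agreed in steps c to e
    imsi = "310001234567890"                        # constructed sample IMSI
    ran, vlr = HdrRan(), Is41Vlr({imsi: kc})
    ms, at = MobileStation(imsi, kc), ApplicationTerminal()
    print("HDR RAN accepted the AT:", distribute_overlay_key(ran, vlr, ms, at))
    print("AT and HDR RAN share HDR_SSD:", at.hdr_ssd == ran.sessions[imsi])
```

Two properties of the procedure are worth seeing in the code. The MAC of step k) covers only the IMSI, a static identifier, so its freshness comes entirely from the HDR RAN choosing a new random HDR_SSD for each session in step g); what the RAN gains in step n) is key confirmation, proof that the AT now holds this session's HDR_SSD. And the only hop the page encrypts is the IS-2000 air interface of step i): the HDR RAN, the IS-41 SMS MC and the VLR/MSC/BSC all handle HDR_SSD in the clear, so the core-network legs rely on the "instruction for secure delivery" of step h). The example therefore refuses to transmit a key message without that flag and rejects a tampered or wrongly keyed SMS before decrypting it.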
The invention claimed is:

1. A method of providing a communication key to a user, comprising the step of:
using a first network to securely provide a communication key to a user for use in
communications over a second network.

2. The method of claim 1, wherein the key is an authentication key.

3. The method of claim 1, wherein the key is an encryption key.

4. The method of claim 3, wherein the key is an authentication key.

5. The method of claim 1, wherein the first network is a CDMA network.

6. The method of claim 1, wherein the first network is a TDMA network.

7. The method of claim 1, wherein the first network is a GSM network.

8. The method of claim 1, wherein the first network is an AMPS network.

9. The method of claim 1, wherein the second network is a data communications
network.

10. The method of claim 1, wherein the second network is a voice communications
network.

11. A method of providing a communication key to a user, comprising the step of:
using a first network to securely provide a communication key to a user for use in
communications over a second network, where the first network securely transmits the key using
a ciphering key.

12. The method of claim 11, wherein the key is an authentication key.

13. The method of claim 11, wherein the key is an encryption key.

14. The method of claim 13, wherein the key is an authentication key.

15. A method of providing a communication key to a user, comprising the step of:
using a CDMA network to securely provide a communication key to a user for use in
communications over a second network, where the first network securely transmits the key using
a ciphering key and where the second network is a data network.

16. The method of claim 15, wherein the key is an authentication key.

17. The method of claim 15, wherein the key is an encryption key.

18. The method of claim 17, wherein the key is an authentication key.

19. A method of providing a communication key to a user, comprising the steps of:
receiving a communications key from a first communication network; and
providing the communication key to a user using a second communication network,
where the communication key is used for communications over the first network.

20. The method of claim 19, wherein the step of providing comprises securely providing
the communication key to the user.

21. The method of claim 19, wherein the key is an authentication key.

22. The method of claim 19, wherein the key is an encryption key.

23. The method of claim 22, wherein the key is an authentication key.

24. A method of providing a communication key to a user, comprising the steps of:
providing a communication key to a first communication network for delivery to a user;
and
using the communication key for communications with the user over a second
communication network.

25. The method of claim 24, wherein the step of providing comprises providing the
communication key for secure delivery to the user.

26. The method of claim 24, wherein the key is an authentication key.

27. The method of claim 24, wherein the key is an encryption key.

28. The method of claim 27, wherein the key is an authentication key.
Abstract

A first communication network is used to securely communicate a key that is used for
communications over a different network. In one embodiment, a CDMA network is used to securely
communicate a key that is used for communications in a data network. The key used in the data network
may be used for authentication and/or enciphering or encryption.